20 matches found
CVE-2026-33812
Parsing a malicious font file can cause excessive memory allocation...
EUVD-2010-1452
Malware in sbrugna...
EUVD-2015-3718
Malware in sbrugna...
EUVD-2021-17677
Malware in sbrugna...
EUVD-2021-8415
Malicious code in bioql PyPI...
EUVD-2023-31642
Malicious code in bioql PyPI...
Input validation
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution...
CVE-2023-27916
The affected application lacks proper validation of user-supplied data when parsing font files e.g., FNT. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process...
CVE-2022-24091
Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...
UBUNTU-CVE-2022-23319
A segmentation fault during PCF file parsing in pcf2bdf versions =1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components...
CVE-2021-30789
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution...
CVE-2021-30760
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution...
About the security content of iOS 11
About the security content of iOS 11 This document describes the security content of iOS 11. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...
CVE-2015-3681
Apple Type Services ATS in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682...
CVE-2015-3681
Apple Type Services ATS in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted font file, a different vulnerability than CVE-2015-3679, CVE-2015-3680, and CVE-2015-3682...
Apple MAC OS X Font File Handling Processing Arbitrary Code Execution Vulnerability (CNVD-2015-04267)
Apple Mac OS X is a commercial operating system. An arbitrary code execution vulnerability exists in Apple Mac OS X's handling of specially crafted font files, which allows an attacker to construct a malicious file that can be parsed by a user to execute arbitrary code...
CVE-2014-0209
Multiple integer overflows in the 1 FontFileAddEntry and 2 lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffe...
CVE-2011-3193
Heap-based buffer overflow in the LookupMarkMarkPos function in the HarfBuzz module harfbuzz-gpos.c, as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...
CVE-2010-3311
Integer overflow in base/ftstream.c in libXft aka the X FreeType library in FreeType before 2.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Compact Font Format CFF font file that triggers a heap-based buffer overflow,...
Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerability (USN-324-1)
An integer overflow has been discovered in the FreeType library. By tricking a user into installing and/or opening a specially crafted font file, these could be exploited to execute arbitrary code with the privileges of that user. Note that Tenable Network Security has extracted the preceding...